Crisis Management

Crisis Management

I. Pre-Crisis Planning & Preparation

A. Risk Identification & Assessment

List Potential Crisis Scenarios:
  • Data breaches and cybersecurity incidents
  • Negative media or social media backlash
  • Fraud or financial irregularities (internal or external)
  • Misconduct by staff, leadership, or volunteers
  • Fundraising campaign failures or donor dissatisfaction
  • Regulatory non-compliance or legal challenges
  • Natural disasters or other external emergencies affecting operations
Conduct Regular Risk Assessments:
  • Schedule quarterly reviews to update risk profiles
  • Engage with all departments (communications, IT, finance, etc.) to identify emerging threats

B. Develop a Crisis Management Plan (CMP)

Document Procedures & Protocols:
  • Write a step-by-step guide for activating crisis protocols
  • Define the chain of command and decision-making processes
  • Include escalation procedures and contingency plans
Assemble a Crisis Management Team (CMT):
  • Appoint a Crisis Manager/Leader
  • Identify department representatives (communications, IT, legal, finance, operations)
  • Establish a dedicated media spokesperson
  • Maintain an updated, accessible contact list of all CMT members
Legal & Regulatory Readiness:
  • Consult legal counsel to outline obligations and reporting requirements
  • Review insurance policies for crisis-related coverage
  • Prepare templates for regulatory notifications, if needed

C. Training & Simulations

Conduct Regular Training:
  • Provide crisis management training to all staff
  • Ensure that new hires are familiar with crisis protocols
Run Simulation Drills:
  • Organize annual or biannual crisis simulations
  • Debrief after drills and update the CMP based on feedback
Maintain Crisis Resources:
  • Keep an accessible repository of crisis management documents, templates, and contact lists
  • Ensure backup copies of all key documents (both digital and physical)

II. Early Detection & Monitoring

A. Monitoring Systems

Internal Monitoring:
  • Establish channels for employees and volunteers to report issues
  • Set up an internal “red flag” reporting system
External Monitoring:
  • Use media monitoring tools to track mentions in news outlets
  • Monitor social media platforms for negative sentiment or misinformation
  • Set up alerts for unusual activity related to donor feedback or fundraising metrics

B. Early Warning Indicators

Define Key Metrics:
  • Track donation patterns and campaign performance indicators
  • Monitor website and email traffic for spikes that might indicate a breach
  • Identify unusual financial transactions or operational anomalies
Schedule Regular Reviews:
  • Hold briefings with the CMT to review early warning signs
  • Adjust monitoring parameters as needed based on current risks

III. Crisis Response Activation

A. Initial Steps

Trigger the Crisis Management Plan:
  • Confirm that the situation meets crisis thresholds
  • Immediately alert the Crisis Management Team via pre-defined communication channels
Secure Critical Assets:
  • Protect sensitive data (donor information, financial records, intellectual property)
  • If a cybersecurity breach is suspected, work with IT to isolate affected systems

B. Internal Coordination

Hold an Emergency Meeting:
  • Gather the Crisis Management Team to assess the situation
  • Review the initial facts and decide on the crisis level/severity
Document the Crisis Timeline:
  • Record the onset time, initial actions, and all subsequent decisions
  • Maintain a central log for transparency and future analysis

IV. Communication Strategy

A. Internal Communication

Notify Staff & Volunteers:
  • Send an immediate internal alert with clear instructions
  • Explain the situation, known facts, and next steps
  • Designate a single point of contact for internal queries
Provide Ongoing Updates:
  • Schedule regular briefings with all staff
  • Use secure channels (intranet, internal email, messaging apps) for updates
  • Remind employees of confidentiality and the importance of consistency

B. External Communication

Develop a Public Statement:
  • Prepare an initial statement acknowledging the issue
  • Emphasize your commitment to transparency and corrective actions
  • Include disclaimers if details are under investigation
Prepare Supporting Materials:
  • Create FAQs for media and public inquiries
  • Develop talking points for the designated spokesperson
Engage with Donors & Stakeholders:
  • Contact major donors, partners, and board members with personalized messages
  • Reassure them with clear information on the measures being taken
  • Establish a hotline or dedicated email for crisis-related inquiries
Manage Social Media:
  • Monitor social media for emerging narratives
  • Respond promptly to misinformation with factual, calm messaging
  • Use scheduled posts to provide timely updates across platforms

V. Legal, Regulatory, & Financial Considerations

A. Legal & Regulatory

Consult with Legal Counsel Immediately:
  • Verify compliance with applicable laws and regulations
  • Determine if mandatory notifications to regulators or affected parties are required
Document Every Action:
  • Keep detailed records of communications, decisions, and actions
  • Ensure all documentation is secured and backed up

B. Financial Management

Assess Financial Impact:
  • Review immediate financial risks (donor withdrawal, campaign shortfalls)
  • Work with the finance team to quantify potential losses
Implement a Financial Contingency Plan:
  • Reallocate resources as necessary to manage cash flow during the crisis
  • Evaluate opportunities for emergency fundraising or donor outreach
Engage with Fundraising Commitments:
  • Inform prospective and current donors about the steps taken to mitigate the crisis
  • Consider organizing a targeted campaign to rebuild donor confidence

VI. IT & Data Security Response (If Applicable)

Activate IT Security Protocols:
  • Immediately notify your IT security team and external experts
  • Isolate compromised systems to prevent further breaches
Review & Update Data Protection Measures:
  • Assess vulnerabilities and initiate system-wide security checks
  • Notify affected parties and comply with data breach notification laws if necessary
Document IT Actions:
  • Keep a log of all cybersecurity measures taken
  • Update IT protocols based on findings during the crisis

VII. Recovery & Business Continuity

A. Stabilization

Implement a Recovery Plan:
  • Gradually resume normal operations while monitoring for residual issues
  • Prioritize restoring critical functions (donor communications, fundraising operations)
Ongoing Communication:
  • Keep stakeholders informed about recovery progress
  • Celebrate small milestones to rebuild morale and confidence

B. Business Continuity

Activate Business Continuity Plans (BCP):
  • Ensure that alternative work arrangements (remote work, temporary staffing) are in place
  • Test systems to verify they are fully operational
Reassess and Update Protocols:
  • Evaluate which systems or processes need strengthening
  • Implement improvements to prevent future crises

VIII. Post-Crisis Evaluation & Improvement

A. Debrief & Analysis

Conduct a Post-Crisis Review Meeting:
  • Involve all key members of the Crisis Management Team
  • Discuss what went well, what could be improved, and any unexpected challenges
Gather Feedback:
  • Solicit input from staff, donors, and stakeholders
  • Use surveys or debrief sessions to understand the overall response
Document Lessons Learned:
  • Update the Crisis Management Plan and Training materials based on insights
  • Archive all records of the crisis response for future reference

B. Long-Term Improvements

Revise Communication Strategies:
  • Improve internal and external communication protocols based on feedback
  • Refine media and social media guidelines for rapid response
Plan Follow-Up Training:
  • Schedule additional drills and update training sessions
  • Ensure the organization is better prepared for any future incidents
Report to Leadership & Board:
  • Prepare a comprehensive report outlining the crisis timeline, actions taken, and recovery outcomes
  • Recommend strategic changes or investments needed to bolster resilience